> > It seemed to work for me, but I must say that I didn't look at the code to
> > expire WINS entries, so that may still be a problem.
>> Could a samba guru comment? ;)
I believe that if you look deeply into the code you will find that a
value of either 0 or -1 means 'infinite'. It has been a long time since
I looked at it so I may be wrong.
> Also would that small patch make it to the src trees?
Not likely. The LMHosts file is used for local name resolution only.
That is, the client uses LMHosts to to find services which the normal name
resolution mechanism fails to find. What you are doing is different. I
am familiar with the problem, though, having given it a lot of thought
about four years ago.
If I understand this thread correctly, what you want to do is to 'lock'
the mapping between a set of names and a set of IPs so that only the
given IP can register and use the given name. This might be done by
pre-loading the WINS database with those mappings, as you are doing,
assuming that all clients are in either P or H mode (both of which rely
on the NBNS server to resolve names).
> > I'm also not sure if it actually gives you any more security like the
> > documentation says it does.
>> Why not? At least the IP address is secured now. Although it may be spoofed
> by other means, a hacker has more obstacles now.
What this basically does is prevent NBNS (WINS) pollution. If I ever get
around to doing another overhaul of the nmbd I will consider a mechanism
for doing this.
Chris -)-----
--
Christopher R. Hertel -)----- University of Minnesota
crh at nts.umn.edu Networking and Telecommunications Services
Ideals are like stars; you will not succeed in touching them
with your hands...you choose them as your guides, and following
them you will reach your destiny. --Carl Schultz